malwarewikiaorg-20200223-history
PClock
PClock is a dangerous ransomware that runs on Microsoft Windows. It claims to be CryptoLocker. Behavior Unlike other ransomware, PClock does not append any extensions, or rename, files. Payload Transmission PClock is distributed through spam emails, peer-to-peer networks, fake software updaters, and trojans. Infection Following successful encryption, this ransomware opens a pop-up window and creates a text file ("Your files are locked !!!!.txt"), placing it on the desktop wallpaper. Both contain ransom-demand messages. The message states that files are encrypted using RSA-2048 cryptography. Thus, public (encryption) and private (decryption) keys are generated during encryption. The private key is stored on remote servers controlled by cyber criminals. Decryption without this key is impossible. Therefore, victims who wish to restore their files, must purchase the key for 1.2 Bitcoins ($767). If the payment is not submitted within 120 hours, the private key is permanently deleted and decryption of files becomes impossible. The ransom note saids the following: Support e-mails: suppteam01@india.com suppteam01@yandex.ru Your personal files encryption produced on this computer: photos, videos, documents, etc. Encryption was produced using a unique public key RSA-2048 generated for this computer. To decrypt files you need to obtain the private key. The single copy of the private key, which will allow to decrypt the files, located on a secret server on the Internet; the server will destroy the key after a time specified in this window. After that nobody and never will be able to restore files. To obtain the private key for this computer, which will automatically decrypt files, you need pay 1.2 Bitcoin (~761 USD) You can easily delete this software, but you must know that without it, you will never be able to get your original files back. Disable your antivirus to prevent the removal of this software. For more information on how to buy and send bitcoins, click 'Pay with Bitcoin'. To open a list of encoded files, click 'Show Files'. Do not delete this list, it will be used for decryption. And do not move your files. Ransom-demand message (presented in "Your files are locked !!!!.txt" file): Support e-mail: suppteam01@india.com suppteam01@yandex.ru Your personal files encryption produced on this computer: photos, videos, documents, etc. Encryption was produced using a unique public key RSA-2048 generated for this computer. To decrypt files you need to obtain the private key. The single copy of the private key, which will allow to decrypt the files, located on a secret server on the Internet; the server will destroy the key after 120 hours. After that nobody and never will be able to restore files. To obtain the private key for this computer, you need pay 1.2 Bitcoin (~761 USD) --------------------------------------------------------------------------------------------------- Your Bitcoin address: 14DuLWSHUQt2CKTsWCjpos4RYBFzvgxrLW You must send 1.2 Bitcoin to the specified address and report it to e-mail customer support. In the letter must specify your Bitcoin address to which the payment was made. --------------------------------------------------------------------------------------------------- The most convenient tool for buying Bitcoins in our opinion is the site: hxxps://localbitcoins.com/ There you can buy Bitcoins in your country in any way you like, including electronic payment systems, credit and debit cards, money orders, and others. Instructions for purchasing Bitcoins on account localbitcoins.com read here: hxxps://localbitcoins.com/guides/how-to-buy-bitcoins Video tutorial detailing on buying Bitcoins using the site localbitcoins.com here: hxxp://www.youtube.com/watch?v=hroPcR-0zSI How to withdraw Bitcoins from account localbitcoins.com to our bitcoin wallet: hxxps://localbitcoins.com/faq#howto_buy Also you can use to buy Bitcoins these sites: hxxps://www.bitstamp.net/ - Big BTC exchanger hxxps://www.coinbase.com/ - Other big BTC exchanger hxxps://www.moneypakforbitcoins.us/ - Buy BTC via Green Dot MoneyPak hxxps://btcdirect.eu/ - Best for Europe hxxps://coincafe.com/ - Recommended for fast, many payment methods hxxps://bittylicious.com/ - Good service for Europe and World hxxps://www.247exchange.com/ - Other exchanger Category:Ransomware Category:Win32 ransomware Category:Win32 Category:Win32 trojan Category:Microsoft Windows Category:Trojan Category:Virus Category:Win32 virus